If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

SANS Alert! A Worm Is Attacking Microsoft SQL Server 7 Users
Microsoft shipped SQL Server 7 so it was automatically configured to
run without an administrator password. If you are running SQL Server
7, and are connected to the Internet, set an administrator password
right away to block the new worm. If the worm infects your system, it
will steal your account and password file, and force your machine to
scan for additional targets using as many as 100 threads. The attacker
can use the stolen account names and passwords to log back in and steal
other private data. Thousands of systems have already been taken over.http://www.vnunet.com/News/1131940http://www.reuters.com/news_article....StoryID=991291

Kudos to Congress
The Senate Commerce Committee has reported out a bill, unanimously,
that implements the only effective defense against worms like the
SQL Worm (above), Code Red and other mass attacks. Senate Bill
2182 requires government agencies to make sure their computers are
configured using best security practices appropriate for their use
(like having a password on every administrator account on SQL Server),
before the systems are connected to the Internet. The bill implements
for government the techniques used in-house by computer companies like
Microsoft and Sun Microsystems, and by many other large organizations
including most large banks. Extending the practice to all federal
systems and developing benchmarks agencies can use (and extend),
will be an enormous contribution to government Internet safety.http://www.gcn.com/vol1_no1/security/18706-1.html

Alan

TOP OF THE NEWS
20 May 2002 Hackers' Club May be Aiming to Launch Cyber Attack
17 May 2002 Second Sentencing in Piracy Ring.
16 & 17 May 2002 Phony Fingerprints Fool Biometric Readers
16 May 2002 Facial Recognition Technology Not Highly Accurate
15, 16 & 17 May 2002 FBI Confiscates Deceptive Duo Equipment; One
Under House Arrest

--20 May 2002 Hackers' Club May be Aiming to Launch Cyber Attack
The Muslim Hackers Club website offers tutorials on viruses, hacking
and other sorts of cyber attacks. The FBI and the DIA believe the
group aims to develop software tools that can be used to launch cyber
attacks on Western targets.http://www.msnbc.com/news/751115.asp

--16 & 17 May 2002 Phony Fingerprints Fool Biometric Readers
Fake fingerprints fashioned from gelatin were able to fool biometric
fingerprint readers 80% of the time, according to research performed
by Japanese researchers. The researchers also devised a way to create
fake fingerprints from fingerprints left on glass surfaces.http://news.com.com/2100-1001-915580.htmlhttp://www.theregister.co.uk/content/55/25300.htmlhttp://news.bbc.co.uk/hi/english/sci...00/1991517.stm
[Editor's (Ranum) Note: It is probably worth mentioning that under
$10 worth of stuff was needed to pull this off - no rocket science
required.
(Murray) This attack is a classic replay (or forgery) attack. Nothing
impressive about it. Replays are not unique to fingerprints.
Replays are a fundamental vulnerability of all biometrics. That is
why we insist upon strong authentication, that is, at least two forms
of evidence (something only one person has, knows, is, or can do) at
least one of which is implemented in such a way as to resist replay.
Those who continue to search for the perfect authenticator (easy
to use, can be reconciled at a distance, easy to enroll, cannot be
forgotten, lost, stolen or copied) are looking for magic.]

--20 May 2002 Benjamin's Authors Defend Action
The worm's creators say they wrote it to thwart the efforts of people
seeking pirated software and child pornography.http://www.newsbytes.com/news/02/176684.html
[Editor's (Schultz) Note: The ends do not justify the means. It is
truly sad that people who write code that does things without proper
authorization can justify their actions so smugly.
(Murray) Nice people do not soil their own sandbox.]

--20 May 2002 State Dept. Sends Klez to Mailing List
The State Department unwittingly sent the Klez virus to a travel
advisory mailing list over the weekend, then sent an apology on
Monday morning. The list software has been reconfigured not to send
on attachments. The State Department says a third-party vendor bears
responsibility for the incident.http://www.msnbc.com/news/754879.asp?0dm=C21ET

--19 May 2002 Falun Gong TV Hackers Sentenced
Four Falun Gong followers received prison sentences of between seven
and sixteen years for their roles in hacking into a cable television
network to broadcast information about their group.http://europe.cnn.com/2002/WORLD/asi....ap/index.html

--17 May 2002 ID Thieves Stole Credit Reports Using Ford's
Authorization Code
Ford Motor Credit Company authorization codes were fraudulently used
to obtain 13,000 credit reports from Experian. Information on the
reports, which were stolen over a ten-month period, includes names,
addresses, social security numbers and bank and credit card account
information. Ford has sent certified letters to all the people
affected by the security breach, advising them to get copies of
their credit reports and check them for unauthorized inquiries or
incorrect information. The FBI is investigating.http://www.computerworld.com/securit...,71267,00.htmlhttp://www.cnn.com/money/2002/05/17/...edit/index.htmhttp://www.nytimes.com/2002/05/17/te...gy/17IDEN.html
(Note: This site requires free registration.)

--16 & 17 May 2002 Sustainable Computing Consortium
Government agencies, technology companies and academic researchers have
come together to establish the Sustainable Computing Consortium at
Carnegie Mellon University in Pittsburgh. The group plans to create
engineering standards for software and create tools to test software
for security and reliability prior to its release. The group also
plans to address issues in public policy and law.http://zdnet.com.com/2100-1104-916026.htmlhttp://www.washingtonpost.com/wp-dyn...2002May16.html

--16 May 2002 Supermarket Tests Pay-by-Fingerprint System
Kroger supermarkets in Houston, TX are testing a "biometric electronic
financial transaction processing system," otherwise described as a
pay-by-fingerprint shopping system.http://www.ananova.com/news/story/sm_588924.html
[Editor's (Murray) Note: This is a tuning issue. However, in this
application too many false negatives are better than too many false
positives.]

--16 May 2002 DISA Security Cameras on Unsecured WLAN
The CTO of an intrusion detection services company found that the
closed circuit security cameras at the Defense Information Systems
Agency (DISA) in Arlington, VA were connected to an unsecured wireless
LAN; the network was not using the WEP protocol. A DISA said the
camera system was not connected to other DISA systems, and that
encryption would be in place soon.http://www.computerworld.com/securit...,71231,00.html

--16 May 2002 DoD Must Purchase Only NIAP Certified Products
Starting in July, the Defense Department will be required to purchase
only the information assurance products that have been certified by
the National Information Assurance Partnership (NIAP). NIAP, an NSA
initiative, has certified about two dozen products so far.http://www.fcw.com/fcw/articles/2002...p-05-16-02.asp
[Editor's (Ranum) Note: This is interesting. What about the installed
base? What about enforcing this? What organizations will be able to
get waivers? Excuse me if I am cynical but I remember "C2 by 92!" and
the orange book. I bet this is going to accomplish nothing.]

--16 May 2002 Media Player Vulnerability Also Addressed by Patch
Microsoft has thanked a Japanese firm for reporting an Internet
Explorer vulnerability that could allow malicious code to execute
automatically on computers if Windows Media Player is installed.
The problem is addressed in the IE patch Microsoft has released.http://www.newsbytes.com/news/02/176623.html

--17 May 2002 Microsoft Says Patch May Illuminate New Vulnerability
Microsoft says the researchers may have found a new vulnerability
that closely resembles the one described in the security bulletin
and for which a patch was issued. They are investigating.http://www.computerworld.com/securit...,71269,00.html

--15 May 2002 JDBGMGR.exe Hoax Has Some Basis in Fact
One reason the jdbgmgr.exe virus warning hoax is not losing steam is
the fact that the Magistr-A virus actually does send infected copies
of the jdbgmer.exe file. If the file is already on your computer,
it's probably not infected, but if you receive one as an attachment, it
probably is infected. As always, delete e-mail containing unexpected
.exe files and don't pass on warnings.http://www.theregister.co.uk/content/55/25294.html

--15 May 2002 Linux Defacements on the Rise
The number of defacements on computers running Linux is on the rise;
the number of incidents this year so far is already almost twice that
of last year's total. The defacements are especially prevalent on
web sites with domain names of German-speaking countries: Germany
(.de), Austria (.at) and Switzerland (.ch); many of the defacements
appear to have been perpetrated by the same group, known as hax0rs lab.http://www.vnunet.com/News/1131782

--15 May 2002 Australia Budgets $25 Million for Cyber Security
The Australian government plans to spend $25 million to protect the
country's banks, telecommunications companies and financial concerns
from cyber criminals. The fact that many of these institutions are
privately owned will complicate the effort.http://www.ds-osac.org/edb/cyber/new...y.cfm?KEY=8100

--14 May 2002 Border Security Bill Mandates Biometric Data in
Visitors' Documents
President George W. Bush signed H.B. 3525 into law. The bill allows a
$150 million budget for improving border security. Provisions include
a requirement that all documentation issued to visiting foreigners
contain biometric data. The bill also provides for creating a database
of suspected terrorists.http://www.govexec.com/dailyfed/0502/051402td1.htm

--14 May 2002 Flowgo Pop-up Ad Leads to Surreptitious Downloads
People who clicked on a certain pop-up ad on the Flowgo site were taken
to another site which appeared to be a digital slot machine and which
actually exploited a flaw in old versions of Internet Explorer's Java
engine to download files onto their computers. Researchers are not
yet entirely sure what the files do; some monitor surfing habits and
others let more files be sent to the computer. An install program
also turns off firewalls.http://www.vnunet.com/News/1131727

--14 May 2002 Phony Xbox Emulator Not a Trojan, Says Author
The man who claims to have written the purported Trojan called "Net
BUIE" disguised as an Xbox emulator says it is not a Trojan at all,
but a failed attempt to make money on pay-per-click scheme. He made
six revisions to the program; people who have downloaded the two
most recent versions will get a pop-up window with instructions for
uninstalling the program. The others will continue to get pop-ups,
but their computers will not be harmed.http://www.vnunet.com/News/1131736

That's cool. I especially liked the part about the kazaa virus. I've heard of all sorts of privacy issues, and various trojans and such, but this is the first I've heard of anything actually exploiting kazaa that wasn't intended by the authors.

Ford Motor Credit Company authorization codes were fraudulently used
to obtain 13,000 credit reports from Experian. Information on the
reports, which were stolen over a ten-month period, includes names,
addresses, social security numbers and bank and credit card account
information. Ford has sent certified letters to all the people
affected by the security breach, advising them to get copies of
their credit reports and check them for unauthorized inquiries or
incorrect information. The FBI is investigating

Identity thieves should be shot. I live in one of the highest identity theft area's. The person's who identity is stolen, will suffer years of having to deal with it. Especially if the thief, Stole items, ruined the credit, killed someone, etc etc.